diff -Nru glibc-2.35/debian/changelog glibc-2.35/debian/changelog --- glibc-2.35/debian/changelog 2022-07-07 02:23:23.000000000 +0300 +++ glibc-2.35/debian/changelog 2023-03-13 13:42:04.000000000 +0200 @@ -1,3 +1,10 @@ +glibc (2.35-0ubuntu3.2) jammy; urgency=medium + + * d/p/0001-x86-Add-bounds-x86_non_temporal_threshold.patch + * d/p/0002-x86-Check-minimum-maximum-of-non_temporal_threshold-.patch (LP: #2011421) + + -- Ioanna Alifieraki Mon, 13 Mar 2023 13:42:04 +0200 + glibc (2.35-0ubuntu3.1) jammy; urgency=medium * debian/maint: add a script to manage backports of patches from upstream diff -Nru glibc-2.35/debian/patches/0001-x86-Add-bounds-x86_non_temporal_threshold.patch glibc-2.35/debian/patches/0001-x86-Add-bounds-x86_non_temporal_threshold.patch --- glibc-2.35/debian/patches/0001-x86-Add-bounds-x86_non_temporal_threshold.patch 1970-01-01 02:00:00.000000000 +0200 +++ glibc-2.35/debian/patches/0001-x86-Add-bounds-x86_non_temporal_threshold.patch 2023-03-13 13:33:08.000000000 +0200 @@ -0,0 +1,54 @@ +From 89df39f652099e360436ee8677c90e925fa66a1e Mon Sep 17 00:00:00 2001 +From: Noah Goldstein +Origin: upstream, https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b446822b6ae4e8149902a78cdd4a886634ad6321 +Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29953 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/2011421 +Date: Wed, 15 Jun 2022 10:41:29 -0700 +Subject: [PATCH 1/2] x86: Add bounds `x86_non_temporal_threshold` + +The lower-bound (16448) and upper-bound (SIZE_MAX / 16) are assumed +by memmove-vec-unaligned-erms. + +The lower-bound is needed because memmove-vec-unaligned-erms unrolls +the loop aggressively in the L(large_memset_4x) case. + +The upper-bound is needed because memmove-vec-unaligned-erms +right-shifts the value of `x86_non_temporal_threshold` by +LOG_4X_MEMCPY_THRESH (4) which without a bound may overflow. + +The lack of lower-bound can be a correctness issue. The lack of +upper-bound cannot. +--- + manual/tunables.texi | 2 +- + sysdeps/x86/dl-cacheinfo.h | 8 +++++++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +--- a/manual/tunables.texi ++++ b/manual/tunables.texi +@@ -47,7 +47,7 @@ glibc.malloc.mxfast: 0x0 (min: 0x0, max: + glibc.elision.skip_lock_busy: 3 (min: -2147483648, max: 2147483647) + glibc.malloc.top_pad: 0x0 (min: 0x0, max: 0xffffffffffffffff) + glibc.cpu.x86_rep_stosb_threshold: 0x800 (min: 0x1, max: 0xffffffffffffffff) +-glibc.cpu.x86_non_temporal_threshold: 0xc0000 (min: 0x0, max: 0xffffffffffffffff) ++glibc.cpu.x86_non_temporal_threshold: 0xc0000 (min: 0x4040, max: 0x0fffffffffffffff) + glibc.cpu.x86_shstk: + glibc.cpu.hwcap_mask: 0x6 (min: 0x0, max: 0xffffffffffffffff) + glibc.malloc.mmap_max: 0 (min: -2147483648, max: 2147483647) +--- a/sysdeps/x86/dl-cacheinfo.h ++++ b/sysdeps/x86/dl-cacheinfo.h +@@ -943,8 +943,14 @@ dl_init_cacheinfo (struct cpu_features * + + TUNABLE_SET_WITH_BOUNDS (x86_data_cache_size, data, 0, SIZE_MAX); + TUNABLE_SET_WITH_BOUNDS (x86_shared_cache_size, shared, 0, SIZE_MAX); ++ /* SIZE_MAX >> 4 because memmove-vec-unaligned-erms right-shifts the value of ++ 'x86_non_temporal_threshold' by `LOG_4X_MEMCPY_THRESH` (4) and it is best ++ if that operation cannot overflow. Minimum of 0x4040 (16448) because the ++ L(large_memset_4x) loops need 64-byte to cache align and enough space for ++ at least 1 iteration of 4x PAGE_SIZE unrolled loop. Both values are ++ reflected in the manual. */ + TUNABLE_SET_WITH_BOUNDS (x86_non_temporal_threshold, non_temporal_threshold, +- 0, SIZE_MAX); ++ 0x4040, SIZE_MAX >> 4); + TUNABLE_SET_WITH_BOUNDS (x86_rep_movsb_threshold, rep_movsb_threshold, + minimum_rep_movsb_threshold, SIZE_MAX); + TUNABLE_SET_WITH_BOUNDS (x86_rep_stosb_threshold, rep_stosb_threshold, 1, diff -Nru glibc-2.35/debian/patches/0002-x86-Check-minimum-maximum-of-non_temporal_threshold-.patch glibc-2.35/debian/patches/0002-x86-Check-minimum-maximum-of-non_temporal_threshold-.patch --- glibc-2.35/debian/patches/0002-x86-Check-minimum-maximum-of-non_temporal_threshold-.patch 1970-01-01 02:00:00.000000000 +0200 +++ glibc-2.35/debian/patches/0002-x86-Check-minimum-maximum-of-non_temporal_threshold-.patch 2023-03-13 13:33:26.000000000 +0200 @@ -0,0 +1,68 @@ +From c1386dbf5c8cdb7a9cdf345e51793f168959bb59 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Origin: upstream, https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=48b74865c63840b288bd85b4d8743533b73b339b +Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29953 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/2011421 +Date: Tue, 3 Jan 2023 13:06:48 -0800 +Subject: [PATCH 2/2] x86: Check minimum/maximum of non_temporal_threshold [BZ + #29953] + +The minimum non_temporal_threshold is 0x4040. non_temporal_threshold may +be set to less than the minimum value when the shared cache size isn't +available (e.g., in an emulator) or by the tunable. Add checks for +minimum and maximum of non_temporal_threshold. + +This fixes BZ #29953. +--- + sysdeps/x86/dl-cacheinfo.h | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +--- a/sysdeps/x86/dl-cacheinfo.h ++++ b/sysdeps/x86/dl-cacheinfo.h +@@ -861,6 +861,18 @@ dl_init_cacheinfo (struct cpu_features * + share of the cache, it has a substantial risk of negatively + impacting the performance of other threads running on the chip. */ + unsigned long int non_temporal_threshold = shared * 3 / 4; ++ /* SIZE_MAX >> 4 because memmove-vec-unaligned-erms right-shifts the value of ++ 'x86_non_temporal_threshold' by `LOG_4X_MEMCPY_THRESH` (4) and it is best ++ if that operation cannot overflow. Minimum of 0x4040 (16448) because the ++ L(large_memset_4x) loops need 64-byte to cache align and enough space for ++ at least 1 iteration of 4x PAGE_SIZE unrolled loop. Both values are ++ reflected in the manual. */ ++ unsigned long int maximum_non_temporal_threshold = SIZE_MAX >> 4; ++ unsigned long int minimum_non_temporal_threshold = 0x4040; ++ if (non_temporal_threshold < minimum_non_temporal_threshold) ++ non_temporal_threshold = minimum_non_temporal_threshold; ++ else if (non_temporal_threshold > maximum_non_temporal_threshold) ++ non_temporal_threshold = maximum_non_temporal_threshold; + + #if HAVE_TUNABLES + /* NB: The REP MOVSB threshold must be greater than VEC_SIZE * 8. */ +@@ -927,8 +939,8 @@ dl_init_cacheinfo (struct cpu_features * + shared = tunable_size; + + tunable_size = TUNABLE_GET (x86_non_temporal_threshold, long int, NULL); +- /* NB: Ignore the default value 0. */ +- if (tunable_size != 0) ++ if (tunable_size > minimum_non_temporal_threshold ++ && tunable_size <= maximum_non_temporal_threshold) + non_temporal_threshold = tunable_size; + + tunable_size = TUNABLE_GET (x86_rep_movsb_threshold, long int, NULL); +@@ -943,14 +955,9 @@ dl_init_cacheinfo (struct cpu_features * + + TUNABLE_SET_WITH_BOUNDS (x86_data_cache_size, data, 0, SIZE_MAX); + TUNABLE_SET_WITH_BOUNDS (x86_shared_cache_size, shared, 0, SIZE_MAX); +- /* SIZE_MAX >> 4 because memmove-vec-unaligned-erms right-shifts the value of +- 'x86_non_temporal_threshold' by `LOG_4X_MEMCPY_THRESH` (4) and it is best +- if that operation cannot overflow. Minimum of 0x4040 (16448) because the +- L(large_memset_4x) loops need 64-byte to cache align and enough space for +- at least 1 iteration of 4x PAGE_SIZE unrolled loop. Both values are +- reflected in the manual. */ + TUNABLE_SET_WITH_BOUNDS (x86_non_temporal_threshold, non_temporal_threshold, +- 0x4040, SIZE_MAX >> 4); ++ minimum_non_temporal_threshold, ++ maximum_non_temporal_threshold); + TUNABLE_SET_WITH_BOUNDS (x86_rep_movsb_threshold, rep_movsb_threshold, + minimum_rep_movsb_threshold, SIZE_MAX); + TUNABLE_SET_WITH_BOUNDS (x86_rep_stosb_threshold, rep_stosb_threshold, 1, diff -Nru glibc-2.35/debian/patches/series glibc-2.35/debian/patches/series --- glibc-2.35/debian/patches/series 2022-07-07 02:21:29.000000000 +0300 +++ glibc-2.35/debian/patches/series 2023-03-13 13:33:16.000000000 +0200 @@ -179,3 +179,5 @@ ubuntu/local-fallback-to-monotonic.diff ubuntu/submitted-broadcast-to-prevent-deadlock.diff ubuntu/sdt-headers.patch +0001-x86-Add-bounds-x86_non_temporal_threshold.patch +0002-x86-Check-minimum-maximum-of-non_temporal_threshold-.patch